Oh, looking at your policy statements, it shows you're using
UsernameToken[1] (message-layer encryption), not Basic Auth with
transport-layer encryption, so the username/passwords you enter via
Basic Auth will not satisfy the UsernameToken requirements. [1] can
show how you can feed the username/password data. The link I gave
earlier is still relevant though for making sure the call is over SSL
(for encrypting the UsernameToken data) even if you're not providing
Basic Auth authentication.
Another point: If the soap:address in the WSDL that the client is
reading (by virtue of its hardcoded link to the file in your
ClientService implementation class) uses http and not https, I'm not
sure you can get the CXF framework to switch to SSL merely by using
ENDPOINT_ADDRESS_PROPERTY with an https:// URL. You may need to change
the wsdl's soap:address to https://anything... for that to work, so
it's still on the same protocol with just the endpoint URL changing.
HTH,
Glen
[1] http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
On 10/13/2011 11:45 AM, Beyer, Doug wrote:
I removed the conduit configuration from my cxf.xml file and changed my code to use:
ClientService svcObj = new ClientService();
IClientService svc = svcObj.getCustomBindingIClientService();
BindingProvider provider = (BindingProvider)svc;
provider.getRequestContext().put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"https://dev.socsuite.com/Services/ClientService.svc/ClientService" );
provider.getRequestContext().put( BindingProvider.USERNAME_PROPERTY,
"user name" );
provider.getRequestContext().put( BindingProvider.PASSWORD_PROPERTY,
"password" );
and I still get the same runtime error in the CXF debug log output.
Any ideas?
-----Original Message-----
From: Beyer, Doug [mailto:[email protected]]
Sent: Thursday, October 13, 2011 8:31 AM
To: [email protected]
Subject: RE: Configuration for https
Thanks for the response.
From the article you referenced, my takeaway is:
1) I don't think I need to do anything with the web server side of things,
correct?
2) I've confirmed that for our web services, no specific certificates are
needed on the client side.
3) The client needs to ensure that the protocol being used is HTTPS and that the
login credentials get sent correctly. Am I correct in that if I use
ClientService svcObj = new ClientService();
IClientService svc = svcObj.getCustomBindingIClientService();
BindingProvider provider = (BindingProvider)svc;
provider.getRequestContext().put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"https://dev.socsuite.com/Services/ClientService.svc");
provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"username");
provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"password");
Then the need for **all** this configuration goes away:
<http:conduit name="http://dev.socsuite.com/Services/.*">
<!-- Hopefully this sets up a SOAP Security element?!? -->
<http:authorization>
<sec:UserName><the user name></sec:UserName>
<sec:Password><the password></sec:Password>
</http:authorization>
<!-- Should set up https. -->
<http:tlsClientParameters
secureSocketProtocol="SSL"></http:tlsClientParameters>
</http:conduit>
4) Assuming that #3 above was correct but I still want to use configuration, do
you have any comments about my configuration shown in the original email and
how that might be causing the runtime error shown in the CXF debug log output?
Do I need to spend time understanding WS-Policy to get around that runtime
error?
Thanks again for helping.
-----Original Message-----
From: Glen Mazza [mailto:[email protected]]
Sent: Thursday, October 13, 2011 8:04 AM
To: [email protected]
Subject: Re: Configuration for https
Might this help you:
http://www.jroller.com/gmazza/entry/ssl_for_web_services ? It may be easier to
just hardcode the use of SSL rather than rely on WS-Policy statements
implementing it.
Glen
On 10/13/2011 10:34 AM, Beyer, Doug wrote:
I'm trying to connect to our own .Net web services using java. I need to use
HTTPS.
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html is
a bit confusing as the configuration examples shown don't seem to align
correctly with the data in the CXF 2.4.2
samples\wsdl_first_https\wsdl\hello_world.wsdl file.
I am not an expert in Spring or CXF and am just trying to get my java web
service client configured as quickly as possible.
Below is a snippet containing the pertinent (I hope) sections from our wsdl:
<wsdl:definitions name="ClientService" targetNamespace="http://www.troppussoftware.com/service/2010/12/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://www.troppussoftware.com/service/2010/12/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<wsp:Policy wsu:Id="CustomBinding_IClientService_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpToken/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
...
<wsdl:service name="ClientService">
<wsdl:port name="CustomBinding_IClientService"
binding="tns:CustomBinding_IClientService">
<soap12:address
location="http://dev.socsuite.com/Services/ClientService.svc/ClientService"/>
<wsa10:EndpointReference>
<wsa10:Address>http://dev.socsuite.com/Services/ClientService.svc/ClientService</wsa10:Address>
<Identity
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
<Dns>localhost</Dns>
</Identity>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
From
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html , I
decided to use the following shorthand since all our clients will need the same
https conduit for all our services:
Another option for the name attribute is a reg-ex expression for the ORIGINAL
URL of the endpoint. The configuration is matched at conduit creation so the
address used in the WSDL or used for the JAX-WS Service.create(...) call can be
used for the name. For example, you can do:
<http:conduit name="http://localhost:8080/.*">
......
</http:conduit>
to configure a conduit for all interactions on localhost:8080. If you have
multiple clients interacting with different services on the same server, this
is probably the easiest way to configure it.
That same CXF web page references a blog entry at
http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html .
Using the info from that blog entry, the CXF web page, and my wsdl, I decided
to use the following conduit configuration in my cxf.xml:
<http:conduit name="http://dev.socsuite.com/Services/.*">
<http:authorization>
<sec:UserName><the user name></sec:UserName>
<sec:Password><the password></sec:Password>
</http:authorization>
<http:tlsClientParameters
secureSocketProtocol="SSL"></http:tlsClientParameters>
</http:conduit>
When I attempt to execute a method of our web service, I get the following from
the CXF debug logging (with log level = INFO):
Oct 13, 2011 7:28:46 AM org.springframework.context.support.AbstractApplicationContext prepareRefresh
INFO: Refreshing org.apache.cxf.bus.spring.BusApplicationContext@11a01dd: startup date [Thu Oct 13 07:28:46 PDT 2011]; root of context hierarchy
Oct 13, 2011 7:28:46 AM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file cxf.xml.
Oct 13, 2011 7:28:46 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from file [D:\Dev\phoenix_git\protocolprototype2\CxfWebServices\cxf.xml]
Oct 13, 2011 7:28:47 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1abcd9b: defining beans [cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.apache.cxf.wstx_msv_validation.WoodstoxValidationImpl,LoggingInInterceptor,LoggingOutInterceptor,cxf.config0,http://dev.socsuite.com/Services/.*]; root of factory hierarchy
Oct 13, 2011 7:28:47 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://www.troppussoftware.com/service/2010/12/}ClientService from WSDL: file:wsdl/ClientService.svc.wsdl
Oct 13, 2011 7:28:48 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
WARNING: No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}HttpToken registered.
Oct 13, 2011 7:28:48 AM org.apache.cxf.ws.policy.attachment.wsdl11.Wsdl11AttachmentPolicyProvider getElementPolicy
WARNING: Failed to build the policy 'CustomBinding_IClientService_policy':org.apache.neethi.builders.PrimitiveAssertion cannot be cast to org.apache.cxf.ws.security.policy.model.Token
ERROR - login_1() - javax.xml.ws.soap.SOAPFaultException: org.apache.neethi.builders.PrimitiveAssertion cannot be cast to org.apache.cxf.ws.security.policy.model.Token
Is the problem simple like mis-matched jars or does it have to do with my
configuration?
Thanks in advance for your help.
--
Glen Mazza
Talend - http://www.talend.com/apache
Blog - http://www.jroller.com/gmazza
Twitter - glenmazza
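Added example (not part of the original thread and not CXF project code): a client-side helper for the two points raised in the most recent reply, supplying the credentials as WS-Security UsernameToken properties rather than HTTP Basic Auth properties, and checking that the WSDL's soap:address is already https before relying on ENDPOINT_ADDRESS_PROPERTY. The class and method names are hypothetical; the keys "ws-security.username" and "ws-security.password" are the values of CXF's SecurityConstants.USERNAME and SecurityConstants.PASSWORD, and the JAX-WS API is assumed to be on the classpath.

```java
import java.io.File;
import java.net.URI;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.ws.BindingProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical helper, added for illustration. */
public final class UsernameTokenOverTls {

    // CXF request-context keys (SecurityConstants.USERNAME / PASSWORD).
    static final String WSS_USERNAME = "ws-security.username";
    static final String WSS_PASSWORD = "ws-security.password";

    /** True only if the WSDL has soap/soap12 address elements and all are https. */
    static boolean wsdlAddressesAreHttps(File wsdl) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Harden the parser even for a local file: reject DOCTYPE (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(wsdl);
        // Matches soap:address and soap12:address; wsa10:Address differs in case.
        NodeList addrs = doc.getElementsByTagNameNS("*", "address");
        boolean ok = addrs.getLength() > 0;
        for (int i = 0; i < addrs.getLength(); i++) {
            String loc = ((Element) addrs.item(i)).getAttribute("location");
            ok &= "https".equalsIgnoreCase(URI.create(loc).getScheme());
        }
        return ok;
    }

    /** Sets UsernameToken credentials; refuses an endpoint that is not https. */
    static void configure(BindingProvider port, String endpoint,
                          String user, String password) {
        if (!"https".equalsIgnoreCase(URI.create(endpoint).getScheme())) {
            throw new IllegalArgumentException(
                "refusing to send UsernameToken to non-TLS endpoint " + endpoint);
        }
        Map<String, Object> ctx = port.getRequestContext();
        ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        ctx.put(WSS_USERNAME, user);      // consumed by the WS-SecurityPolicy layer
        ctx.put(WSS_PASSWORD, password);
        // Not set on purpose: BindingProvider.USERNAME_PROPERTY / PASSWORD_PROPERTY,
        // which are the HTTP Basic Auth properties and do not fill a UsernameToken.
    }
}
```

With the generated stub from the thread, the call would be `configure((BindingProvider) svc, endpoint, user, password)`, made after `wsdlAddressesAreHttps(new File("wsdl/ClientService.svc.wsdl"))` returns true.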